System and method for hybrid kernel and user-space checkpointing using a character device

ABSTRACT

A system, method, and computer readable medium for hybrid kernel-mode and user-mode checkpointing of multi-process applications. The computer readable medium includes computer-executable instructions for execution by a processing system. A multi-process application runs on primary hosts and is checkpointed by a checkpointer comprised of a kernel-mode checkpointer module and one or more user-space interceptors providing barrier synchronization, checkpointing thread, resource flushing, and an application virtualization space. Checkpoints may be written to storage and the application restored from said stored checkpoint at a later time. Checkpointing is transparent to the application and requires no modification to the application, operating system, networking stack or libraries. In an alternate embodiment the kernel-mode checkpointer is built into the kernel.

CROSS-REFERENCE TO RELATED APPLICATIONS

The present application is a continuation of and claims priority fromU.S. patent application Ser. No. 14/918,312 filed Oct. 20, 2015 titledSYSTEM AND METHOD FOR HYBRID KERNEL AND USER-SPACE CHECKPOINTING USING ACHARACTER DEVICE, now U.S. Pat. No. 9,870,290, issued Jan. 16, 2018,which is a continuation U.S. patent application Ser. No. 13/920,889filed Jun. 18, 2013 titled SYSTEM AND METHOD FOR HYBRID KERNEL ANDUSER-SPACE CHECKPOINTING USING A CHARACTER DEVICE, now U.S. Pat. No.9,164,843, issued Oct. 20, 2015, which is a continuation of U.S. patentapplication Ser. No. 13/096,461 filed Apr. 28, 2011 titled SYSTEM ANDMETHOD FOR HYBRID KERNEL-AND USER-SPACE CHECKPOINTING, now U.S. Pat. No.8,745,442, issued Jun. 3, 2014, the disclosures of which are herebyincorporated by reference herein in their entirety. This application isrelated to commonly assigned U.S. patent application Ser. No.12/334,660, filed Dec. 15, 2008 titled METHOD AND SYSTEM FOR PROVIDINGCHECKPOINTING TO WINDOWS APPLICATION GROUPS, the disclosure of which ishereby incorporated by reference in its entirety. The present inventionis also related to commonly assigned U.S. patent application Ser. No.12/334,634 filed Dec. 15, 2008 titled METHOD AND SYSTEM FOR PROVIDINGCOORDINATED CHECKPOINTING TO A GROUP OF INDEPENDENT COMPUTERAPPLICATIONS, now U.S. Pat. No. 8,078,910, issued Dec. 13, 2011, thedisclosure of which is hereby incorporated by reference herein in itsentirety.

NOTICE OF MATERIAL SUBJECT TO COPYRIGHT PROTECTION

A portion of the material in this patent document is subject tocopyright protection under the copyright laws of the United States andof other countries. The owner of the copyright rights has no objectionto the facsimile reproduction by anyone of the patent document or thepatent disclosure, as it appears in the United States Patent andTrademark Office publicly available file or records, but otherwisereserves all copyright rights whatsoever. The copyright owner does nothereby waive any of its rights to have this patent document maintainedin secrecy, including without limitation its rights pursuant to 37C.F.R. § 1.14.

BACKGROUND OF THE INVENTION 1. Field of the Invention

This invention pertains to software-based checkpointing of applicationsrunning on computer systems, computer networks, telecommunicationssystems, embedded computer systems, wireless devices such as cell phonesand PDAs, and more particularly to methods, systems and procedures(i.e., programming) for checkpointing and checkpoint-restoration ofapplications where the core checkpointing service is performed as akernel service.

2. Description of Related Art

In many environments one of the most important features is to ensurethat a running application continues to run even in the event of one ormore system or software faults. Mission critical systems intelecommunications, military, financial and embedded applications mustcontinue to provide their service even in the event of hardware orsoftware faults. The autopilot on an airplane is designed to continue tooperate even if some of the computer and instrumentation is damaged; the911 emergency phone system is designed to operate even if the main phonesystem if severely damaged, and stock exchanges deploy software thatkeep the exchange running even if some of the routers and servers godown. Today, the same expectations of “fault-free” operations are beingplaced on commodity computer systems and standard applications.

Checkpointing is a general technique used to capture some or all of anapplication's state and preserve the state for use at a later time. Theapplication state can, by way of example, be used to recovery a crashedapplication and to migrate, i.e. move, an application from one server toanother.

In U.S. Pat. No. 7,293,200 Neary et al (Neary) disclose “Method andsystem for providing transparent incremental and multi-processcheckpointing to computer applications”. In Ser. No. 12/334,660Backensto et al (Backensto) teach “METHOD AND COMPUTER READABLE MEDIUMFOR PROVIDING CHECKPOINTING TO WINDOWS APPLICATION GROUPS” providingsimilar checkpointing services to Windows applications, and in Ser. No.12/334,634 Havemose (Havemose) teach METHOD AND SYSTEM FOR PROVIDINGCOORDINATED CHECKPOINTING TO A GROUP OF INDEPENDENT COMPUTERAPPLICATIONS. Neary, Havemose and Backensto use a user-spacecheckpointer combined with interception and functionality to adjustlinks to libraries and files for checkpoint restore.

OpenVZ (http://en.wikipedia.org/wiki/OpenVZ) approaches checkpointingdifferently by providing checkpointing using a custom kernel. In otherwords, checkpointing is provided using a custom operating system.

Virtual Machine technology, such as VMWare, XEN and KVM, offer similarfeatures, often using terminology such as snapshot and live migration.Virtual machine technology, however, is an entire additional softwarelayer sitting under the operating system, which adds overhead andmanagement complexity.

The prior art thus requires extensive functionality running in userspace (Neary, Havemose and Backensto), a custom operating system(OpenVZ) or a commitment to a hardware virtualization platform (VMWare,XEN and KVM). Having a checkpointer with extensive user space componentsmakes the checkpointer very dependent on system libraries and requiresconstant updating as user libraries change between releases of theoperating system. Relying on a custom operating system requiresapplication to be customized for the custom operating system, which canreduce the number of applications available to customers. Finally, acommitment to hardware/system virtualization can be expensive and changethe deployment and management model of applications.

There is therefore a need for a checkpointing service that runs fullytransparent to the applications, runs on standard operating systems, andoperates without requiring a hardware virtualization layer. The presentinvention provides checkpointing as a kernel service generally loaded asa loadable kernel module working along with user-space interceptors. Thekernel service may be dynamically loaded into the kernel and providescheckpointing services universally to all applications without requiringany application customizations or customization to the underlyingoperation system. Interceptors are loaded as part of loading theapplication. The kernel module checkpointer can be further optimized bymodifying the kernel. Likewise, no hardware or system virtualizationtechnology is required which keeps memory and hardware requirementsminimal.

BRIEF SUMMARY OF THE INVENTION

The present invention provides systems and methods forapplication-checkpointing that requires no modification to theapplications being checkpointed (i.e. is transparent) and works oncommodity operating system and hardware. The terms “checkpointer”,“checkpointing”, “taking a checkpoint” and “checkpointing service” areutilized herein interchangeably to designate a set of services which 1)capture the entire state of an application and store all or some of theapplication state locally or remotely, and 2) restore the entire stateof the application from said stored application checkpoint. The terms“checkpoint file” or “checkpoint” are utilized herein interchangeably todesignate the data captured by the checkpointing service. Generally, thecheckpoint files are written to local disk, remote storage, networkstorage or memory. In the present invention, the elements of thecheckpointing services are provided as a Loadable Kernel Module (LKM).Loadable kernel modules are also called Kernel Loadable Modules (KLM),kernel extensions, or simply Kernel Modules. Throughout the rest of thisdocument we use the terms Loadable Kernel Module and kernel moduleinterchangeably to designate the functionality across all operatingsystems.

When using checkpointing to move an application from one server (theprimary) to another server (the backup) the following terminology isused:

The terms “primary” and “primary application” are used interchangeablyto designate the primary application running on the primary host. Thehost on which the primary application is running is referred to as the“primary server”, “primary host” or simply the “host” when the contextis clear. The term “on the primary” is used to designate an operation oractivity related to the primary application on the primary server.

Similarly, the terms “backup” and “backup application” are usedinterchangeably to designate a backup application running on a backuphost. The host on which the backup application is running is referred toas a “backup server”, a “backup host” or simply a “host” when thecontext is clear. The terms “on the backup” or “on a backup” are usedinterchangeably to designate an operation or activity related to abackup application on a backup server.

The term “Live Migration” is used to designate the processes of moving arunning application or a running virtual machine from a primary serverto a backup server. The “migration” is “live” as the application is keptrunning for the majority of the move. Generally, live migration of bothapplications and virtual machines are planned; i.e. they are triggeredin response to an event. The event may be an operator choosing tomigrate the application/VM or a memory threshold being met, or otherpre-defined scriptable event. For the live migration to succeed both theprimary and the backup must operate during the entire live migrationprocess.

The term “fault” is used to designate an abnormal condition or defect ofa component, software, sub-system or equipment. Examples of faultsinclude a power supply burning out, a CPU overheating, and a softwarebug that crashes an application. Faults can happen at any time and arethus non-deterministic, i.e. unpredictable. The term “Fault Detection”is used to designate the mechanism used to detect that a fault hasoccurred. Fault detection is well known in the art and is therefore notfurther defined herein.

The following terms are also used throughout the disclosures:

The terms “Windows” and “Microsoft Windows” are utilized hereininterchangeably to designate any and all versions of the MicrosoftWindows operating systems. By example, and not limitation, this includesWindows XP, Windows Server 2003, Windows NT, Windows Vista, WindowsServer 2008, Windows 7, Windows Mobile, and Windows Embedded. Theoperation and design of Microsoft Windows is well documented on the webat msdn.microsoft.com.

The terms “Linux” and “UNIX” is utilized herein to designate any and allvariants of Linux and UNIX. By example, and not limitation, thisincludes RedHat Linux, Suse Linux, Ubuntu Linux, HPUX (HP UNIX), andSolaris (Sun UNIX). The design and operation of the Linux operatingsystem is well documented both on the web and at www.kernel.org.

The term “node” and “host” are utilized herein interchangeably todesignate one or more processors running a single instance of anoperating system. A virtual machine, such as a VMware, KVM, or XEN VMinstance, is also considered a “node”. Using VM technology, it ispossible to have multiple nodes on one physical server.

The terms “application”” or as appropriate “multi process application”are utilized to designate a grouping of one or more processes, whereeach process can consist of one or more threads. Operating systemsgenerally launch an application by creating the application's initialprocess and letting that initial process run/execute. In the followingteachings we often identify the application at launch time with thatinitial process.

As an application is a grouping of one or more processes, an applicationmay thus be comprised of one or more other applications, each of whichin turn is comprised of one of more processes. This hierarchy ofapplication may continue to any depth without loss of generality.

In the following we use commonly known terms including but not limitedto “client”, “server”, “API”, “java”, “process”, “process ID (PID)”,“thread”, “thread ID (TID)”, “thread local storage (TLS)”, “instructionpointer”, “stack”, “kernel”, “kernel module”, “loadable kernel module”,“heap”, “stack”, “files”, “disk”, “CPU”, “CPU registers”, “storage”,“memory”, “memory segments”, “address space”, “semaphore”, “loader”,“system loader”, “system path”, “sockets”, “TCP/IP”, “http”,“Inter-process communication (IPC)”, and “signal”. These terms are wellknown in the art and thus will not be described in detail herein.

The term “transport” is utilized to designate the connection, mechanismand/or protocols used for communicating across the distributedapplication. Examples of transport include TCP/IP, UDP, Message PassingInterface (MPI), Myrinet, Fibre Channel, ATM, shared memory, DMA, RDMA,system buses, and custom backplanes. In the following, the term“transport driver” is utilized to designate the implementation of thetransport. By way of example, the transport driver for TCP/IP would bethe local TCP/IP stack running on the host.

The term “interception” is used to designate the mechanism by which anapplication re-directs a system call or library call to a newimplementation. On Linux and other UNIX variants interception may beachieved by a combination of LD_PRELOAD, wrapper functions, identicallynamed functions resolved earlier in the load process, and changes to thekernel sys_call_table. On Windows, interception may be achieved bymodifying a process' Import Address Table and creating Trampolinefunctions, as documented by “Detours: Binary Interception of Win32Functions” by Galen Hunt and Doug Brubacher, Microsoft Research July1999″. Throughout the rest of this document the terminology interceptionto designate the functionality across all operating systems. Theterminology pre-loading is used to designate the process of loading theinterceptors into the application's address space on all operatingsystems.

The term “transparent” is used herein to designate that no modificationto the application is required. In other words, the present inventionworks directly on the application binary without needing any applicationcustomization, source code modifications, recompilation, re-linking,special installation, custom agents, or other extensions.

The term “fork( )” is used to designate the operating system mechanismused to create a new running process. On Linux, Solaris, and other UNIXvariants, a family of fork( ) calls is provided. On Windows, one of theequivalent calls is “CreateProcess( )”. Throughout the rest of thisdocument we use the term “fork” to designate the functionality acrossall operating systems, not just on Linux/Unix. In general fork( ) makesa copy of the process making the fork( ) call. This means that the newlycreated process has a copy of the entire address space, including allvariables, I/O etc of the parent process.

The term “exec( )” is used to designate the operating system mechanismused to overlay a new image on top of an already existing process. OnLinux, Solaris, and other UNIX a family of exec( ) calls is provided. OnWindows, the equivalent functionality is provided by e.g.“CreateProcess( )” via parameters. Throughout the rest of this documentwe use the term “exec” to designate the functionality across alloperating systems, not just Linux/Unix. In general, exec( ) overwritesthe entire address space of the process calling exec( ). A new processis not created and data, heap and stacks of the calling process arereplaced by those of the new process. A few elements are preserved,including but not limited to process-ID, UID, open file descriptors anduser-limits.

The terms “barrier” and “barrier synchronization” are used herein todesignate a type of synchronization method. A barrier for a group ofprocesses and threads is a point in the execution where all threads andprocesses must stop before being allowed to proceed. Barriers aretypically implemented using semaphores, mutexes, locks, event objects,or other equivalent system functionality. Barriers are well known in theart and will not be described further here.

Modern operating systems such as Windows and Linux separate the addressspace into kernel space and user space. Kernel space is the addressspace reserved for running the kernel, kernel extensions, and dependingon operating system, device drivers. User space is the address space inwhich user processes (i.e. applications) run.

The context of the present invention is an application on the primaryserver (primary application or the primary) and zero, one or more backupservers (also called the backups). While any number of backup-servers issupported the disclosures generally describe the scenario with onebackup. As is obvious to anyone skilled in the art this is done withoutloss of generality.

As part of loading an application for checkpointing the checkpointerkernel module is loaded if not already loaded. The checkpointer kernelmodule provides checkpointing services in coordination with andintegrated with the operating system kernel and user-space interceptors.The checkpoints may be used to start the application again on theprimary, migrate the application to a backup or recover from a fault.The backup and fault recovery use checkpoints taken by the checkpointerto restore the application to a prior state.

Another aspect of the present invention is a resource virtualizationlayer running as part of the interceptors.

A key element of the present invention is thus the use of kernel moduleto capture the state of a running application and save said applicationstate to storage.

Another key aspect of the present invention is to use said storedapplication state to rebuild, also called restore, a copy of theapplication and let the application resume execution from said storedapplication state.

Another aspect of the present invention is that the checkpointingservice is provided as a loadable kernel module, thus providing thecheckpointing service to application as an extension of the operatingsystem kernel without requiring any application customizations orcustomization of system libraries. Yet another aspect of the presentinvention is that the checkpointing service may be built into thekernel, thus also offering the checkpointing service to applications asa built-in operating system service.

A related aspect is that the present invention provides hybridkernel-space and user-space application checkpointing, as the kernelmodule operates along with the user-space library to perform thecheckpointing.

Yet another aspect of the present invention is during a restore from acheckpoint the checkpointer kernel module adjusts kernel state for theparticular application based on the checkpoint.

Another aspect of the present invention is that the checkpointer kernelmodule can be unloaded to free up memory when the checkpointing servicesno longer are needed.

A further aspect of the present invention is that it can be provided oncommodity operating systems such as Linux and Windows, and on commodityhardware such as Intel, AMD, SPARC and MIPS. The present invention thusworks on commodity operating systems, commodity hardware with standard(off the shelf) software without needing any further modifications.

Further aspects of the invention will be brought out in the followingportions of the specification, wherein the detailed description is forthe purpose of fully disclosing preferred embodiments of the inventionwithout placing limitations thereon.

BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWING(S)

The invention will be more fully understood by reference to thefollowing drawings which are for illustrative purposes only:

FIG. 1 is a block diagram of the core system architecture

FIG. 2 is a block diagram illustrating a pair of primary and backup

FIG. 3 is a block diagram illustrating virtual and physical memory andtheir mappings

FIG. 4 is a block diagram illustrating use of the virtual file system

FIG. 5 is a block diagram illustrating the checkpointing process

FIG. 6 is a block diagram illustrating the interaction of the barrier,checkpointer threads, and kernel module.

FIG. 7 is a block diagram illustrating the barrier.

FIG. 8 is a block diagram illustrating the structure of a checkpoint.

FIG. 9 is a block diagram illustrating restoring a checkpoint.

FIG. 10 is a block diagram illustrating various deployment scenarios.

DETAILED DESCRIPTION OF THE INVENTION

Referring more specifically to the drawings, for illustrative purposesthe present invention will be disclosed in relation to FIG. 1 throughFIG. 10 It will be appreciated that the system and apparatus of theinvention may vary as to configuration and as to details of theconstituent components, and that the method may vary as to the specificsteps and sequence, without departing from the basic concepts asdisclosed herein.

0. INTRODUCTION

The context in which this invention is disclosed is an applicationrunning on a primary server. Without affecting the general case ofmultiple primary applications, the following disclosures often depictand describe just one primary application. Multiple primary applicationsare handled in a similar manner.

Likewise, the disclosures generally describe applications with one ortwo processes; any number of processes is handled in a similar manner.Finally, the disclosures generally describe one or two threads perprocess; any number of threads is handled in a similar manner

1. OVERVIEW

FIG. 1 illustrates by way of example embodiment 10 the overall structureof the present invention. The following brief overview illustrates thehigh-level relationship between the various components; further detailson the inner workings and interdependencies are provided in thefollowing sections. FIG. 1. Illustrates by way of example embodiment 10a primary server 12 with an application 16 loaded into system memory 14.The application 16 is comprised of two processes; process A 18 andprocess B 20. Each of the two processes has two running threads. ProcessA contains thread T0 22 and thread T1 24, while process B is containsthread T3 26 and thread T4 28. As part of loading the application 16 aninterception layer (IL) 23, 29 is pre-loaded into the address space ofeach process. Interception Layer 23 for process A is preloaded intoprocess As address space and Interception Layer 29 is preloaded intoprocess B's address space. The system libraries 36 are generallyinterposed between the application 16 and operating system 38. Alongsidewith the operating system 38 are the loadable kernel modules 30.

System resources, such as CPUs 46, I/O devices 44, Network interfaces 42and storage 40 are accessed using the operating system 38 and theloadable kernel modules 30. Devices accessing remote resources use someform of transport network 48. By way of example, system networking 42may use TCP/IP over Ethernet transport, Storage 40 may use Fibre Channelor Ethernet transport, and I/O 44 may use USB.

The architecture for the backup is identical to the primary,

In the preferred embodiment storage 40 is external and accessible byboth primary and backups over a network 48.

FIG. 1 illustrates the system libraries 36 as separate from theapplication 16 and the individual processes process A 18 and process B20. The system libraries are generally shared libraries. For clarity ofpresentation, the system libraries are depicted outside the addressspace of the individual processes, even though some library state andcode is present within the address space of the individual applicationprocesses.

In an alternate embodiment the functionality of the kernel module 30 isbuilt into, i.e. compiled into, the kernel. This eliminates the need toload the kernel module, at the expense of being custom kernel. Thepreferred embodiment disclosed herein provides checkpointing services asa kernel module, but it is obvious to anyone with ordinary skills in theart the kernel module functionality could be compiled into the kernel asdisclosed for the alternate embodiment.

FIG. 2 illustrates by way of example embodiment 60 a primary server 62and its corresponding backup server 82 working as a pair of primary andbackup. The primary application 64 is comprised of two processes;process A 66 and process B 68, each with two running threads and aninterception layer. System libraries 70 on the primary are interposedbetween the application 64 and the operating system kernel 76. Loadablekernel modules 72 are loaded by the kernel 76 as needed.

Using a similar architecture, the backup server 82 contains the backupapplication 84 comprised of process A 86 and process B 88 each with twothreads and interception layer. System libraries 90 are interposedbetween the application 84 and the operating system kernel 96. Loadablekernel modules 92 as loaded by the kernel 96 as needed.

Primary and backup communicate over one or more network connections 98.

2. KERNEL STRUCTURE

Linux and Windows are two dominant operating systems with differentkernel architectures. Linux is build around a monolithic kernel withloadable kernel modules, while Windows is built around a micro kernelwith a core executive. As with Linux, Windows supports loadable kernelmodules and kernel-mode drivers. Both Windows and Linux thus enabledrivers and modules to run in kernel space.

2.1 Memory

On the Linux operating system applications running in user spacecommunicate with the kernel through defined kernel interfaces. Thekernel interfaces are generally concealed by the system libraries as faras the applications in user space are concerned. On Windows, the Windowssystem libraries exemplified by the Win32 and Posix subsystems likewisemanage the interfaces to kernel functionality. Generally, a user-spaceapplication doesn't need to concern itself with kernel behavior; itsimply requests kernel services through the system libraries.

Both the Linux and Windows kernels and system libraries are welldocumented and only the elements relevant for the present invention willbe further described.

On a 32-bit operating system an application can generally address thefull 4 GB of memory corresponding to the 32 bits of address space, evenif the underlying hardware provides less than 4 GB of memory. As apractical matter Linux reserves the upper 1 GB of memory for theoperating system, while Windows generally reserves the upper 1 or 2 GBfor the operating system. The available physical memory is first mappedinto the address space of the kernel, and the kernel is then proving aflat virtual 4 GB address space for the application. For 64-bitoperating systems and hardware similar considerations apply, other thanthe address space is 64 bits instead of 32 bit. The kernel maintainssaid mapping between application virtual addresses and physical memoryaddresses. The virtual address space of is broken into equal sizedportions called pages by the kernel. Physical memory is likewise brokeninto similar sized pages, called page frames. On IA32 systems the pagesize is 4 kb (4096 bytes). Other architectures may have different pagesizes. In the following PAGE_SIZE is used to designate the page size onall platforms. The present invention relies on this mapping to locateand extract application memory image as part of checkpointing whilerunning within the context of the kernel. Generally, the address spacewhen viewed from an application process's perspective is called processvirtual memory or process address space, while the underlying physicalmemory of the host system is called physical memory.

FIG. 3 illustrates by way of example embodiment 100, the relationshipbetween process virtual memory and physical memory. Process A's virtualmemory 102 is broken into pages. Each allocated page in virtual memoryis mapped to a page in physical memory 104. By way of example page zeroin process A's virtual memory 102 is mapped to page frame 1 in physicalmemory, and page 3 in process A's virtual memory is mapped to page frame3 in physical memory. Process B's virtual memory 106 page address zerois mapped to page frame 1 in physical memory while page 2 in virtualmemory is mapped to page frame 7 in physical memory. Page frames inphysical memory may be shared between two processes as illustrated forpage frame 1. While nomenclature and some of the finer details varybetween operating systems, the disclosures above generally describe themechanics on Linux and Windows and the nomenclature set forth is used inthe following for teachings on both Linux and Windows.

2.2 Resources and Processes

Each process has resources attached. By way of example, on the Linuxoperating system, information related to a running process is capturedand stored in the task_struct structure or can be retrieved via saidtask_struct. Some of the data kept in the task_struct is processexecution status, process hierarchy, allocated memory, processcredentials, memberships, signals, resources in use and threadinformation. As the task_struct is a kernel data structure theinformation stored within is generally not accessible by applicationsrunning in user space. Applications can access some of the elementsusing system calls abstracted out within the system libraries. Datawithin the task_struct, however, is accessible when running in kernelmode, a fact the present invention builds on.

The kernel also maintains a list of all running processes called thekernel task list. In newer versions of the Linux kernel the kernel tasklist is private and can therefore not be directly accessed. The presentinvention does therefore not rely on the global kernel task list; ratherit relies only on the local task_struct for the process currently beingaccessed and uses a user-space library to coordinate access to differentprocesses.

2.3 Device Drivers

Device drivers provide implementation of hardware specific interfaces.Both Linux and Windows provide generic device support and impose certainarchitectural constraints on drivers in order to provide universalsupport for a large number of drivers. By way of example, operatingsystems provide device drivers for access to hard disks, CD ROM drives,USB, internal and external peripherals. By way of example, when anapplication opens a file, a device driver is ultimately responsible forretrieving or writing data to said file.

Device drivers thus enable access to very specific resources usingwell-defined mechanisms offered by the kernel and abstracted out by thesystem libraries. Device drivers run as part of the kernel either builtin or dynamically loaded as a loadable kernel module. As such, devicedrivers have access to the kernel internals and can inspect andmanipulate kernel structures. The present invention builds on thesefacts to offer checkpointing services, where key elements of saidcheckpointing services are provided as a checkpointing device driver.

FIG. 4 illustrates by way of example embodiment 120 the structure on theLinux operating system. An application 124 runs in user space 122.Kernel functionality is accessed either directly from the applicationthrough sys calls, or through the system libraries 126. Within kernelspace 128, the System Call Interface 130 receives and processes thesystem call. The system call is translated into a call into the kernel132, where it's processed, eventually passed through one or more devicedrivers 134 and the underlying hardware 144 is accessed. For manydevices, the Virtual File System (VFS) is used a common abstraction. TheVFS 138 is a kernel module 136 and provides a “standard file system”that defines services and interface many devices must support. VFS isgenerally mounted over a file systems such as ext3, ext4 and reiser 140for block devices, and directly over the character driver for acharacter device. Even virtual file system, such as the /proc filesystem, is provided within the context of VFS. VFS and the extended filesystems ultimately rely on one or more device drivers 142 to access thestorage media 144.

As illustrated in the example embodiment 120 on FIG. 4 user-spaceapplication never directly access the device driver; rather the devicedriver is accessed going through standard kernel interfaces (System CallInterface) using abstractions such as VFS. The present inventionutilizes the VFS abstraction as well, and provides checkpointing, thatfrom the applications perspective looks like reading files from a filesystem. Likewise, restoring checkpoints looks like writing a file to afile system.

3 CHECKPOINTING DEVICE DRIVER INTRODUCTION

In the following disclosures we follow the Linux naming convention,where device drivers are installed in the “/dev” directory. In thefollowing disclosure the checkpointer device driver is named “ckpt” andthe full pathname is thus “/dev/ckpt”. The actual device name is notimportant as long as it's different from other device names supported bythe kernel and available in the/dev or other directory.

By way of example, /dev/ckpt is implemented as a character device. Thedisclosed functionality of/dev/ckpt could also be implemented as a blockdevice, which is obvious to anyone with ordinary skills in the art.Therefore, the preferred embodiment uses a character device while analternate implementation uses a block device. Character devices andblock devices are both known in the art and the following disclosureswill thus focus on aspects relevant to the present invention.

A character device is identified by its major device number. By way ofexample, the following teachings use a major device number ofCKPT_MAJOR_NUM. For testing purposes the locally reserved numbers in therange 240 to 254 can be used. By way of example on the Linux operatingsystem, the device node is create as

# mknod/dev/ckpt c CKPT_MAJOR_NUM 0

3.1 File Operations

The internal structure of a device driver must declare thefile_operations supported by the device. By way of example, ckptfile_operations is defined as follows:

struct file_operation ckpt_fops={

.owner=THIS_MODULE,

.open=ckpt_open,

.release=ckpt_release,

.read=ckpt_read,

.write=ckpt_write,

.ioctl=ckpt_ioctl,

.seek=ckpt_seek,

};

Here each of the device driver functions ckpt_open, ckpt_release,ckpt_read, ckpt_write, ckpt_ioctl and ckpt_seek are assigned to theirrespective file_operations.

ckpt_open is used to initialize the device driver, ckpt_release torelease all resources associated with the device before taking thedevice down. ckpt_read and ckpt_write are used to read and write bytesof data respectively, ckpt_ioctl is used to query the device driver forspecial status information, and ckpt_seek is used to reset the currentposition in the device. Finally THIS_MODULE identifies the module.

In addition to open/read/write/release calls, the/dev/ckpt also containskernel module initialization. The module initialization and terminationis often called module_init( ) and module_exit( ) in reference to thecommonly found declarations in kernel modules. By way of example thefollowing teachings use the terminology ckpt_module_init( ) andckpt_module_exit( ) or said functions of within the context of thepresent invention.

In the preferred embodiment ckpt_module_init( ) call registers thedevice with the operating system.

static int_init ckpt_module_init(void) {  int ret;  if ((ret =register_chrdev(CKPT_MAJOR_NUM, ″ckpt″,   &ckpt_fops)) < 0)   printk(KERN_ERR ″ckpt_module_init: %d\n″,ret);  return ret; }

The register_chrdev call provides the registration information thatallows the operating system to map the/dev/ckpt to the actual devicedriver.

Similarly ckpt_module_exit( ) unregisters the module with a preferredembodiment as

static void_exit ckpt_module_exit(void)

{

-   -   unregister_chrdev(CKPT_MAJOR_NUM, “ckpt”);

}

3.2 Conceptual use of/dev/ckpt

By way of example, the/dev/ckpt checkpointer module may be loaded usingthe standard Linux command insmod and the/dev/ckpt checkpointer may beunloaded using the Linux command rmmod. Both command are well known inthe art and will not be described further herein.

The/dev/ckpt checkpointer is accessed from user space like any otherfile or device. In the preferred embodiment the checkpointer is opened,ignoring error handling, using code similar to

pCkpt=open(“/dev/ckpt”,O_RDWR);

and the checkpointer is closed using code like

close(pCkpt);

In the preferred embodiment, a checkpoint is created by readingfrom/dev/ckpt using code like

readCount=read(pCkpt,buffer,size);

and a restore from checkpoint is accomplished by writing to/dev/ckptusing code like

writtenCount=write(pCkpt,buffer,size);

FIG. 5 illustrates by way of example embodiment 160 the overall flow ofthe checkpointing process. First 162 the/dev/ckpt checkpointer module isloaded using, by way of example, the insmod command. The application isthen started 164. As part of loading the application interceptors areloaded containing the user-space components of the checkpointer. Thecheckpointer is started 166 by way of the/dev/ckpt open command. Theapplication is then let run 168 for some period of time. If theapplication is not finished processing 170 the checkpointer is activated172. A checkpoint is taken through the/dev/ckpt read command 172, andthe application let run again 168. If the application is done running170 the checkpointer is closed 174, the application exited 176 andthe/dev/ckpt checkpointer unloaded using by way of example rmmod.

The finer details of the checkpointing process and its interaction withthe user-space interceptors are disclosed in the next sections.

4.0 USER-SPACE SHARED LIBRARY

On the Linux operating systems new processes are created by the combineduse of fork( ) and exec( ) On Windows, processes may be created by usingthe CreateProcess( ) call. As described above, the disclosures of thepresent invention use the terminology fork( ) and exec( ) to designatethe process creating interfaces on all operating system.

The user-space functionality is pre-loaded as a library as part ofinitially loading the initial application process and later every time anew process is created. The user-space library provides the followingfunctionality

a. Creation of a dedicated checkpointing thread for each process

b. Preparation of Barrier for process and threads within process

c. Collection of checkpoint data by calling/dev/ckpt

d. Flushing of system resources

e. Resource virtualization, Application Virtualization Space (AVS).

As part of checkpointing, the present invention deterministically haltsexecution of the application being checkpointed. Halting of amulti-process multi-threaded application is achieved using barriersynchronization (as defined in “Brief summary of Invention”). The use ofBarrier synchronization for halting a multi-process multi-threadedapplication is taught in U.S. Pat. No. 7,293,200 Neary et al andincluded in its entirety by reference. The use of a barrier within thecontext of the present invention is disclosed below.

Where Neary et al. provides the actual checkpointing facility in a“check point library” running in user-space, the present inventionprovides the core checkpointing facility as a kernel module. The presentinvention utilizes the barrier from the Neary, and eliminates the needfor the checkpointer to run in user space. Moving the checkpointer fromuser-space to kernel-space has several advantages: 1) it essentiallyremoves the dependency on the system libraries found in Neary, 2) iteliminates the need to closely track application and libraryinteractions, as all checkpointing is done in the kernel sitting underthe system libraries, and 3) it automatically includes all memoryallocated in the address space of the application without the need tospecial case stacks, code, text and shared memory.

The present invention creates a checkpointing thread per process astaught in Neary. However, contrary to Neary, the checkpointer threadcalls the/dev/ckpt to collect the checkpoint and does not itself createthe checkpoint for its parent process.

FIG. 6 illustrates by way of example embodiment 180 an application 182with two processes, process A 184 with two threads T1 and T2 and processB 186 with two threads T3 and T4. Process A additionally contains thecheckpointer thread C-A 191 and process B contains checkpointer threadC-B 193. The Barrier 188 indicates a place in the execution of processA, process B and threads T1,T2,T3 and T4 where all processes and threadsare halted. With all activity in user space halted at the barrier, thekernel module checkpointer (/dev/ckpt) 198 can collect all relevantprocess state and build a checkpoint. Each process collects its owncheckpoint via the kernel module as indicated for process A 190 via itscheckpointer thread C-A 191 and process B 192 via its checkpointerthread 193

In contrast to Neary and Backensto, the user-space library of thepresent invention contains only the barrier, checkpointer thread,flushing, AVS and collection of checkpoint data. There is no need tokeep track of memory allocations, including those hidden within thesystem libraries, as all checkpointing data is collected in the kernel.This is a dramatic simplification over the user-space checkpointer anddoes not require customized system libraries.

4.1 Flushing TCP/IP

By way of example, if an application uses TCP/IP with thesocket-programming model, select TCP and socket state and data areimplicitly included in the application state, even though the data mayreside in the TCP stack or associated device driver. As previouslydisclosed, the present invention does not attempt to access kernelstructures for non-application processes and thus approaches the problemof the TCP and socket state from the application layer. Whileapplication and socket buffers generally are included in theapplications memory image that is not the case for kernel and devicebuffers related to the lower levels of the TCP/IP stack and the networkdevice itself. In the preferred embodiment the approach taken is toflush all TCP and socket communication in order to move data through thebuffers thereby ensuring that the buffers outside the application are ina consistent state with respect to the application. Flushing of TCPsockets may be achieved in a number of ways including but not limited toclosing the socket, which forces a flush and then reopening the socket,setting the TCP NODELAY socket option or through application specificflush operations. In an alternate embodiment the TCP and device kernelbuffers are extracted in kernel module without requiring any flushingoperations.

Resources accessible from the task_struct can be flushed directly by thekernel module checkpointer and does therefore not need flushing fromuser space. Only resources with kernel functionality outside thetask_struct, such as TCP/IP, require flushing from user space.

Generally, resources are flushed as part of the checkpointing process inorder to move data out of low-level buffers located outside the addressspace of application processes, through the operating system and onto orinto the devices.

4.2 Application Virtualization Space—AVS

Instantiated resources generally are only meaningful in the context ofthe operating system where the application is running.

By way of example the operating system assigns each process a uniqueprocess

ID (PID). At any point in time each process on a particular node has aunique process ID. If the process is stopped and re-started it may notget the same PID. Likewise, if the process is started on a differentnode, the PID may be different. Some applications query the operatingfor their own PID and use the PID for a variety of purposes. For acheckpoint image to be meaningful, it's thus important that the PID ispresented to applications with the value it had at the time of takingthe checkpoint.

A structure called the Application Virtualization Space (AVS) is used,to continue to example, to store the PID at the time the process iscreated and when the PID is accessed at later time through the definedAPIs, to retrieve it from the AVS

At the time the process, and thus the PID, is first created the PID isrecorded within the AVS for the particular process and kept associatedwith process as long as it's running. When the process calls getpid( )to get the associated PID, the values stored in the AVS is returned, asopposed to the PID provided by the underlying operating system. Thisensures that dependencies on PIDs are virtualized and preserved acrosscheckpoints. Similar teachings apply to thread IDs (TIDs), and othersystem constructs such as IPC, signal, and named semaphores.

Files are handled in a similar manner. By way of example, the file name,path, and attributes are stored in the AVS. As part of restoring anapplication from a checkpoint, the contents within the AVS is used torecreate the data structures used by the operating system to representthe file, i.e. the file's name, path, and attributes. Current filestate, such as file position, is contained within the checkpoint anddoes not need to be included in the AVS; the AVS only needs the minimalinformation required to re-create the resource and the checkpoint thencontains the current state.

Similarly, network state such as state of sockets, may be included inthe AVS. As with files, only the data relevant to re-creation of theresource is required, while current state is contained within thecheckpoint.

The AVS entries are created when resources are created or opened, andremoved from the AVS when the resource is closed. By way of example,this means that the AVS entry for a file is created when the file isopened, and removed when the file is closed. The AVS is generally notinvolved with individual file operations, such as reading or writingdata, only in creating file pointers that are meaningful in the contextof the operating system and the associated checkpoint.

The AVS thus contains an application-specific private name space forresources, and maintains mappings between resources within the initialinstances of application resources and their possibly different valueswhen running in a different environment at another time. In the exampleembodiment, the AVS mappings are implemented using a hash table. Inother embodiments the AVS is implemented using a database or customcoding.

5. CHECKPOINTING IN KERNEL MODULE/DEV/CKPT

As disclosed in section 3 the read( ) method of/dev/ckpt is called toretrieve checkpoint data from the kernel. As disclosed in section 4,read( ) is called within the barrier, so the underlying process is notexecuting application code.

As taught in section 2 all state information for a particular process isstored in or can be found from the process's task_struct structure. Byway of example on the Linux operating system, the task_struct for thecurrent process can be found by the current macro. In continuation ofsection 3 an example embodiment, without error handling, of the readfunction for/dev/ckpt is

static ssize_t ckpt_read(struct file *filp,

-   -   char *ubuff, size_t count, loff_t *f_pos)

{

-   -   // pMem is a pointer to memory seen from    -   // the kernel    -   Set pMem to the current address in filp    -   // copy to user space    -   eCount=copy_to_user(ubuff,pMem, count)    -   nBytes=(eCount==0)? count: (count+eCount);    -   f_pos+=nBytes;    -   return count

}

copy_to_user( ) returns zero if count bytes have been copied or −eCountif only ecount bytes were transmitted. nBytes represents the number ofbytes actually transferred to user space. In an alternate embodiment apage is memory mapped into user-space and the checkpoint data copieddirectly into said memory mapped page.

Generally, attempting to access a memory location not allocated to theprocess causes a page fault. However, copy_to_user( ) specifically dealswith this issue by validating addresses before the copy operation. Ifthe page is invalid, i.e. the linux function access_ok( ) returns zero,copy_to_user( ) does not attempt to access the page, and the functionreturns without attempting to copy data. It is thus not necessary tocheck every page before attempting to copy.

In an alternate preferred embodiment, the page data is transferred touser-space using memory mapped pages.

Each of these steps are now disclosed in further detail.

5.1 Collecting Memory State

The process's task_struct contains a data structure mm_struct whichcontains the relevant information regarding said process's virtualmemory. The mm_struct contains the kernel data structures necessary todetermine which memory pages are used by the process.

By way of example, the start and end of code may be found using thestart_code and end_code variables, the start and end of data with thestart_data and end_data, the start and end of the heap with start_brkand brk. Similar variables may exist for stack, environment andarguments.

As memory is organized in pages within the kernel, the most efficientoperation of /dev/ckpt is in units of memory pages, as opposed to unitsof bytes. However, since the core device read( ) operations operates inunits of bytes, the calling process preferably aligns calls to read( )on page boundaries and requests blocks of bytes with the size of a page.In the preferred embodiment, a call to read( ) may thus look likeread(filp,ubuff,PAGE_SIZE,p_pos). The read( ) function return the numberof bytes read as a means of communicating success or error. If e.g. zero(0) is returned, it means that zero bytes were actually read into ubuff.

By way of example embodiment, and in continuation of the example insection 3.2, the calling process may call/dev/ckpt with pseudo code like

unsigned byte ubuff[PAGE_SIZE];

// open device

// set/reset filepos to zero.

seek(fp,0);

for(int i=0; i<maxMem; i+=PAGE_SIZE)

{

-   -   count=read(fp,ubuff,PAGE_SIZE)    -   // if (count >0) save checkpoint of page    -   // currently in ubuff

}

The/dev/ckpt driver may optimize the checkpointing process by using thepreviously disclosed information about start and end of code, text,stack etc. The checkpointer may thus check the address of the currentread request to verify that it falls outside the pages used by theprocess and if that is the case, immediately return a value of zero toindicate that no application process data was available for therequested read( ) operation. A related optimization is that on someoperating systems such as Linux a certain number of pages in low memoryare left unused to catch null-pointers. Similarly, the operating systemkernel may, by way of example, reside in the upper or lower 1 GB of thememory address space and may thus be skipped by the checkpointer. Eachoperating system is slightly different, and may offer opportunity forsuch simple optimizations of the checkpointing process.

In the example, the user-space buffer ubuff is fixed and pre-allocated,and thus automatically included in the checkpoint as well. However,since ubuff is used in a transient manner with data flowing through, itscontent does not need to be preserved as part of a checkpoint.

5.2 Flushing of System Resources

In the preferred embodiment disclosed above, TCP/IP connections areflushed from the user-space library. Other system resources, such as IPCis generally contained within the task_struct and can thus be capturedby/dev/ckpt by accessing resource within the address space of thecurrent process. Examples include, but are not limited to the System Vsemaphores sysvmem, open files identified by *files and state of signalhandlers. In these cases/dev/ckpt can access the resource internals andflush buffers as supported by the device.

5.3 Integration with User-Space Library

As disclosed above the kernel module checkpointer/dev/ckpt is called bythe checkpointing thread for a process to collects a specified number ofmemory bytes, typically a page, for said process. The/dev/ckptcheckpointer does thus not need to access the address space of any otherprocesses, nor does it need to know about other processes.

Conversely, the user-space library is responsible for coordinationacross all processes comprising an application. The barrier containedwithin the user-space library brings every application process andthread into a stable locked state where the application processes andthreads do not execute. With the application essentially halted, thecheckpointer thread for each process can call/dev/ckpt and assemble thememory pages comprising the application image.

5.4 Deterministic Halting at the Barrier

The inner working of the barrier as it relates to the checkpointingprocess is now disclosed. FIG. 7 illustrates by way of exampleembodiment 200 an application with one process 202 containing to processthreads T0 206 and T1 208 and the checkpointer thread 204 as disclosedabove. Multiple processes are handled in a similar manner.

Initially the application the process is running A 210 with thecheckpointer thread 204 and the two process threads 206, 208 operating.At some point a checkpoint is triggered 224. The checkpoint triggeractivates the barrier and transitions into waiting B 212 for T0 and T1to stop at the barrier. When both T0 and T1 are stopped at the barrierthe checkpointing thread 204 starts assembling the checkpoint C 214. Asdisclosed previously, the checkpoint assembly comprises collectingmemory and kernel state for the process 202. Kernel buffers are flushedand relevant state information saved along with the memory state. Saidcheckpoint state is then written to disk D 216. In the preferredembodiment disclosed previously states C 214 and D 216 are interleaved,in that one or more memory pages repeatedly are collected then writtento disk. That loop is indicated with the callout 226 next to state C andD. If a kernel device had to be halted as part of flushing, the deviceis activated again E 218, and the checkpointer transitions to state F220 where individual threads T0 and T1 are released in reverse orderfrom the barrier. Upon being released, the application process 202 runsagain G 222.

6. STRUCTURE OF CHECKPOINT

The checkpoint of a multi process application is comprised of stateglobal to the operating system, state shared across all processes withinthe application, and state for each process including the state of allthreads within said process.

FIG. 8 illustrates by way of example embodiment 240 the structure of anapplication checkpoint 242. The checkpoint is comprised of state globalto the operating system 244. This includes the AVS and other data thatis system global. The process hierarchy 246 contains the hierarchy ofprocesses comprising the application and shared data 248 containsinformation on all shared data between processes within the application.Examples of shared data include names of shared semaphores, sharedmemory etc. The checkpoint data for the individual processes 250 iscomprised of individual checkpoints for each process. By way of example,the checkpoint for process 1 252 is followed by the checkpoint forprocess 2, and so on until the last process, process ‘n’ 256.

FIG. 8 also illustrates by way of example embodiment 240 the layout ofthe checkpoint for individual processes. By way of example thecheckpoint for process 1 252 is comprised of the following data. Firstthe total number of pages in the checkpoint 260 is provided as a meansof boundary checking and error recovery. Pages included in thecheckpoint are identified by their page number. If a page number isprovided, it means that said page is included in the checkpoint. If aparticular page number is missing, it means said page is not included inthe checkpoint. The page number of the first page in the checkpoint 262is followed by the data contained in said first page 264. This isfollowed by the second page 266 included in the checkpoint and the datacontained in said second page 268. The same layout is followed until thelast page 270 is reached and the data contained in said last page 272.

The layout of the individual process checkpoints in the just disclosedexample embodiment allows for saving of only those pages used by theapplication, and thus supports the checkpointer optimizations previouslydisclosed in section 5.1.

Methods for storing the hash tables as used by AVS are well known in theart and will thus not be discussed in further detail. Likewise, methodsfor storing trees, as used by the process hierarchy, are well known inthe art and will thus not be discussed further.

7. RESTORING FROM CHECKPOINT

FIG. 9 illustrates by way of example embodiment 280 the processes bywhich an application is restored from a checkpoint. First, the initialprocess 282 is created. The initial process is responsible for readingthe checkpoint and creating the application processes. The initialprocess first read the global checkpoint data 284 including the AVS. TheAVS is required before creating any of the true application processes,as the virtualization subsystem may be queried by the individualcomponent processes. This is followed by reading the process hierarchy286 and the data shared between application processes 288. At this pointthe initial process is able to recreate the individual processes thatcomprise 290 the application as it has loaded the process hierarchy. Theindividual component processes are then created, the checkpointsoverlaid, interceptors installed and state rebuild. The processrebuilding is first performed for the first process in the hierarchy P1292, followed by the second process P2 294, and eventually finishes withthe last process Pn 296. When, by way of example, process P1 is created,checkpoint loaded, interceptors installed and state rebuilt, it is donewithin the process hierarchy 290 as provided in the checkpoint. It isobvious to anyone with ordinary skills in the art that the abovedisclosures naturally extends to application comprised of any numberprocesses with any hierarchy. When all processes have been created andinitialized, the resources identified within the AVS are remapped 298 toensure that the image is correctly mapped on the new host OS. Finally,with the entire state recreated, the application is released 299 fromthe barrier and resumes running from the place of the checkpoint.

The restoration of individual process checkpoints are now disclosed infurther detail. FIG. 8 illustrates by way of example embodiment, 240 thestructure of the checkpoint. Specifically, the layout of the checkpointfor an individual processes is given in blocks 260-272. During arestoration of a checkpoint, each page in the checkpoint is read and thedata written to the appropriate memory page. By way of example the data264 from the first page in the checkpoint 262 is written to thecorresponding page in application memory. The same applies for all otherpages within the address space of the application. Finally, after allprocesses have been recreated and restored, the resource information inthe AVS is remapped against the new image and the application is readyto run.

8. DEPLOYMENT SCENARIOS

FIG. 10 illustrates by way of example embodiment 300 a variety of waysthe invention can be configured to operate.

In one embodiment, the invention is configured with a central fileserver 302, primary server 304 and backup server 306. The primary server304 runs the primary application and the backup serves as backup. Theprimary 304 and backup 306 are connected to each other and the storagedevice 302 via a network 308. The network is connected to the internet316 for external access. In another embodiment the primary server 304has two backup servers; backup 306 and backup-2 305. In yet anotherembodiment the primary 304 runs in the data center, while the backup 317runs off site, accessed over the internet

In one embodiment a PC client 312 on the local network 308 is connectedto the primary application while the backup application is prepared totake over in the event of a fault. In another embodiment a PC 314 isconfigured to access the primary application server 304 over the publicinternet 316. In a third embodiment a cell phone or PDA 310 is accessingthe primary application 304 over wireless internet 316, 318. The presentinvention is configured to server all clients simultaneouslyindependently of how they connect into the application server; and inall cases the backup server is prepared to take over in the event of afault

Finally, as the interceptors and kernel module are componentsimplemented outside the application, the operating system and systemlibraries, the present invention provides checkpointing withoutrequiring any modifications to the application, operating system andsystem libraries.

The just illustrated example embodiments should not be construed aslimiting the scope of the invention but as merely providingillustrations of some of the exemplary embodiments of this invention

9. CONCLUSION

In the embodiments described herein, an example programming environment,systems and configurations were disclosed for which one or moreembodiments according to the invention were taught. It should beappreciated that the present invention can be implemented by one ofordinary skill in the art using different program organizations andstructures, different data structures, different configurations,different systems, and of course any desired naming conventions withoutdeparting from the teachings herein. In addition, the invention can beported, or otherwise configured for, use across a wide-range ofoperating system environments.

Although the description above contains many details, these should notbe construed as limiting the scope of the invention but as merelyproviding illustrations of some of the exemplary embodiments of thisinvention. Therefore, it will be appreciated that the scope of thepresent invention fully encompasses other embodiments which may becomeobvious to those skilled in the art, and that the scope of the presentinvention is accordingly to be limited by nothing other than theappended claims, in which reference to an element in the singular is notintended to mean “one and only one” unless explicitly so stated, butrather “one or more.” All structural and functional equivalents to theelements of the above-described preferred embodiment that are known tothose of ordinary skill in the art are expressly incorporated herein byreference and are intended to be encompassed by the present claims.Moreover, it is not necessary for a device or method to address each andevery problem sought to be solved by the present invention, for it to beencompassed by the present claims. Furthermore, no element, component,or method step in the present disclosure is intended to be dedicated tothe public regardless of whether the element, component, or method stepis explicitly recited in the claims. No claim element herein is to beconstrued under the provisions of 35 U.S.C. 112, sixth paragraph, unlessthe element is expressly recited using the phrase “means for.”

What is claimed is:
 1. A system, comprising: computer system memorycomprising one or more memory locations configured to store one or moremulti-process applications; one or more Central Processing Units (CPUs)operatively connected to said computer system memory and configured toexecute said one or more multi-process applications on a host with ahost operating system; a checkpointer comprising at least a checkpointerdevice, and configured to generate checkpoints of said one or moremulti-process applications; and wherein, for each application process ofsaid one or more multi-process applications; a read function of saidcheckpointer device skips memory pages not used by said each applicationprocess; wherein the read function of said checkpointer device includesmemory pages used by said each application process; and wherein thecheckpointer device read function calls optionally are optimized by askip of one or more of reserved low memory, reserved high memory, ormemory reserved for the operating system.
 2. The system according toclaim 1 wherein said host operating system is one of Windows, Linux,Solaris or UNIX.
 3. The system according to claim 1 wherein saidcheckpointer is implemented as one of a kernel module, a loadable kernelmodule, kernel loadable module, a device driver or compiled into akernel.
 4. The system according to claim 1, further comprising a storeof said checkpoints in one or more of memory, local storage, remotestorage, or networked storage.
 5. The system according to claim 1,wherein a checkpoint is comprised of one or more of global system state,application process hierarchy, shared application process state, andstate of application processes.
 6. The system according to claim 5,wherein a checkpoint for an application process is comprised of one ormore of total page count, and one or more of application memory pages.7. The system according to claim 5, wherein said one or more of globalsystem state, application process hierarchy, shared application processstate, and state of application processes are written to memory, localstorage, remote storage or networked storage as part of a checkpoint ofsaid applications.
 8. The system according to claim 7, wherein theprocess hierarchy is encoded as a tree.
 9. The system according to claim1, wherein a checkpoint is triggered by one or more of elapsed time, CPUthreshold, network threshold, storage threshold, configuration changes,external scripts, external programs, or by administrator.
 10. The systemaccording to claim 1, wherein triggering a checkpoint causes theexecution of said multi-process applications to pause at asynchronization point.
 11. The system according to claim 1, wherein apage of application memory is checkpointed by the next page being readwith a character device, wherein the checkpointer device is implementedas the character device.
 12. A system, comprising: computer systemmemory comprising one or more memory locations configured to store oneor more multi-process applications; one or more Central Processing Units(CPUs) operatively connected to said computer system memory andconfigured to execute said one or more multi-process applications on ahost with a host operating system; a checkpointer comprising at least acheckpointer character device, and configured to generate checkpoints ofsaid one or more multi-process applications; and a synchronizationmodule configured to pause execution of the one or more applications ata synchronization point, or trigger each of the one or moremulti-process applications to pause at said synchronization point;wherein a checkpoint is comprised of a pause of said applicationprocesses at said synchronization point and a call of a read function ofsaid character device for each memory page in each process in saidapplications on a checkpoint thread of said each process; wherein, foreach process of said one or more multi-process applications, a readfunction of said character device skips memorypages not used by saideach process; wherein the read function of said character deviceincludes memory pages used by said each process; and wherein thecharacter device read function calls optionally are optimized by one ormore of a reserved low memory being skipped, a reserved high memorybeing skipped, or a memory reserved for the operating system beingskipped.
 13. The system according to claim 12, wherein the checkpointercomprises a user-space checkpointer.
 14. The system according to claim13, wherein said user-space checkpointer is comprised of one or moreuser-space interceptors.
 15. The system according to claim 14, whereinsaid user-space interceptors comprise at least one of a barrierproviding a synchronization point, creation of a per-process checkpointthread, and an application virtualization space providing a privateresource name space.
 16. The system according to claim 12, wherein thecheckpoint is comprised of a store of said each page in said eachapplication process' checkpoint.
 17. The system according to claim 12,wherein the read function of said character device is accessed through avirtual file system (VFS).
 18. A non-transitory computer readable mediumincluding a computer program having instructions, that when executed bya processor, cause the processor to perform operations including:executing one or more multi-process applications on a host with a hostoperating system; and executing a checkpointer device configured togenerate checkpoints of said one or more multi-process applications;wherein said checkpointer device is called while the executing one ormore multi-process applications is paused; wherein, for each applicationprocess of said one or multi-process applications, a read function ofsaid checkpointer device skips memory pages not used by said eachapplication process; wherein the read function of said checkpointerdevice includes memory pages used by said each application process; andwherein the checkpointer device read function calls optionally areoptimized by a skip of one or more of reserved low memory, reserved highmemory, or memory reserved for the operating system.
 19. Thenon-transitory computer readable medium including a computer programaccording to claim 18, wherein the read function of said characterdevice is accessed through a virtual file system (VFS).
 20. Anon-transitory computer readable medium including a computer programhaving instructions, that when executed by a processor, cause theprocessor to perform operations including: executing one or moremulti-process applications on a host with a host operating system; andexecuting a checkpointer comprised of at least a checkpointer deviceimplemented as a character device, and configured to generatecheckpoints of said one or more multi-process applications; wherein,said checkpointer is called while the executing one or moremulti-process applications is paused at a synchronization point; whereincheckpointing is comprised of pausing said application processes at saidsynchronization point, calling a read function of said character devicefor each memory page in each process in said applications on thecheckpointing thread of said each process; wherein, for each applicationprocess of said one more or multi-process applications, a read functionof said character device skips memory pages not used by said eachprocess; wherein the read function of said character device includesmemory pages used by said each process; and wherein the character deviceread function calls optionally are optimized by a skip of one or more ofreserved low memory, reserved high memory, or memory reserved for theoperating system.